Security is one of the most important aspects of using Usage Engine. This document outlines some of the basic security considerations that should be upheld when using the service. Security defines several areas of interacting with data that are important in a given aspect:
Usage Engine is designed to incorporate security considerations into all stages of development and operation of the product. All of the implemented designs and features are created with compliance in mind. Usage Engine is certified according to industry-leading standards and practices, aiming to provide the highest level of protection. Usage Engine meets all enterprise security requirements.
For more information visit the Security and Compliance page.
Security principles are divided into two main types: Rules (mandatory requirements) and Recommendations (optional considerations). Each of them is mandated through a specific principle. An outline of their roles in relation to the security aspect is:
Usage Engine is a highly configurable service that can support various business models and processes. Data privacy requirements are to be fulfilled by configuring system interfaces, data structures, and relevant security settings.
Consent for the service is implicit as the business use requires captured personal data to complete transactions, for example in payment processes. Additionally, in Usage Engine it is possible for end-users to build scenarios where the processed data contains personal information that is collected or forwarded across national borders.
It is the responsibility of the end-users to ensure that the configured scenarios comply with legal requirements.
Running deployments may store records that contain personal information in logs that are available to end-users. Deployments do not store individual records by default and the behavior is determined by the user-configured streams. The deployment logs are deleted after a period of 90 days. If you need the data to be removed before the expiry period, please submit your request to DigitalRoute Support.
Secrets Wallet depends on a secure infrastructure that is carefully designed to provide a secure environment. All private operations are handled using a set of encryption keys that are used to authorize and authenticate Usage Engine operations. These keys are based on hardware security modules that use the FIPS 140-2 standard for protection.
For security reasons, there is an automatic security keys expiration and renewal process that ensures that the best practices are met according to international standards.
The Usage Engine platform service includes support for OAuth2 in the HTTP client function. It is implemented by following the RFC 6749 specifications and creates a secure authorization layer intended to provide restricted resources. This functionality is developed to aid integration with other services and stream interaction. During the authentication process, as defined in the RFC, additional client-side and server-side data flow interactions can take place – the use of TLS and HTTP redirection.
The use of OAuth2 creates a more secure environment and allows for heightened security to be used with complex streams where connections to an API server are required.
As a Software-as-a-Service provider, we follow the shared responsibility model over the security of the solution, together with its tenants.
DigitalRoute is responsible for securing the infrastructure and Usage Engine platform from external threats, ensuring data segregation between the solutions and tenants, and maintaining its availability.
Tenant is responsible for using and operating the provided solution and its functionality in a secure manner. This includes:
These guidelines imply how to handle data and important resources within Usage Engine, and are not considered mandatory rules by the system. They are highly recommended and help to ensure that a secure environment is maintained.
Passwords are a specially designed secret value that serves to authorize access to a given resource. In most cases, they are used alongside other identifiers to identify users and allow access to certain service sections. To combat risks involved with weak security, there are specific NIST (USA National Institute of Standards and Technology) requirements that provide the best practices and guidelines as to how a secure password can be chosen:
An important security aspect is a way through which the service is accessed. Unauthorized access can happen due to low security on the device from which Usage Engine is accessed. In this regard, there are significant risks that should be minimized to prevent access from unauthorized parties.
Usage Engine has three roles by design: Admin, User, and Guest, each with its own set of permissions. Both the User and Guest roles have access to streams, logs, metrics, and groups, allowing them access to production data and configuration options. This means that Guest access should be supervised and only trusted users should be granted these rights. All Usage Engine users should be aware of the Security provisions and best practices to ensure that the data is managed in accordance with the defined security principles by the Usage Engine service owners.
For more information on Roles, visit the relevant documentation page.
To prevent abuse and potential weak security scenarios, you can protect the end-user device by following these recommendations:
When using the individual function nodes, it is possible to apply some security considerations and best practices that can help set up a protected environment. Following these examples will mitigate some risks related to data leakage:
Like in any other service, data leakage can be a significant risk to the security domain. This is considered a substantial threat and there are several types of data leakage consequences:
It is possible that all of these categories of data leakage can be performed on Usage Engine installations if proper security procedures are not followed. The three stages of data leakage can be accessed via the cloud access provided to users across all system-defined roles: access to the Usage Engine system, data retrieval, and data sharing.
As preview data functions and function configuration elements can be used to access and show sensitive information including classified data, extra caution should be taken to address individual responsibility. All users that have an assigned access role to the system must be instructed on how to handle this information. Data access and Usage Engine service operations must be made in accordance with the “need to know” basis to minimize the associated risks.
Usage Engine has extensive support for both audit of the running streams and a Log function that enables in-depth monitoring of the designated processes. Such data can be saved onto local storage and thus made accessible to everyone that has access to that location. For this reason, the security of the local storage medium should be mandated. Also note that Beta functions when in use may not have implemented a proper security model, for this reason, any information specified in these functions should be treated as insecure.
It is also recommended to use the Usage Engine service in accordance with some of the privacy considerations. Examples of some good rules to follow are as follows:
Data validation as part of the system’s JSON verification node functionality can be potentially abused by the system. There are comprehensive instructions on how this can be mitigated in the official Validate function documentation. We recommend that users be aware of the important security considerations before entering JSON schema in the system.
NIST Special Publication 800-63B regarding password security. This is the policy defined by the USA National Institute of Standards and Technology, responsible for many IT standards used worldwide.
JSON Schema Validation NSA Security Guidelines used during validation.